Bug 1078901 - Format Security
Summary: Format Security
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking   
(Show other bugs)
Version: rawhide
Hardware: Unspecified Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jaroslav Reznik
QA Contact:
Pete Travis
URL:
Whiteboard: ChangeAcceptedF21 SystemWideChange
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-20 14:01 UTC by Jaroslav Reznik
Modified: 2015-04-11 18:08 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-12-08 15:22:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1161213 None None None Never

Description Jaroslav Reznik 2014-03-20 14:01:56 UTC 
This is a tracking bug for Change: Format Security
For more details, see: http://fedoraproject.org//wiki/Changes/FormatSecurity

Enable "-Werror=format-security" compilation flag for all packages in Fedora. Once this flag is enabled, GCC will refuse to compile code that could be vulnerable to a string format security flaw.
Comment 1 Jaroslav Reznik 2014-07-04 10:43:30 UTC 
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 [1].

At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze.

This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon. 

In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.

[1] https://fedoraproject.org/wiki/Releases/21/Schedule
Comment 2 Pete Travis 2014-09-23 04:20:59 UTC 
Hey Halfie,

Despite not really being a *interactive* change, I think that this still represents a substantial and marketable improvement to Fedora's offerings.  I wrote a little about it for the Release Notes at https://fedoraproject.org/wiki/Documentation_Security_Beat , would you please look it over?
Comment 3 Jaroslav Reznik 2014-10-07 12:23:35 UTC 
This message is a reminder that Fedora 21 Change Checkpoint: 100% Code Complete Deadline (Former Accepted Changes 100% Complete) is on 2014-10-14 [1].

All Accepted Changes has to be code complete and ready to be validated in the Beta release (optionally by Fedora QA). Required bug state at this point is ON_QA.

As for several System Wide Changes, Beta Change Deadline is a point of contingency plan. All incompleted Changes will be reported to FESCo on 2014-10-15 meeting. In case of any questions, don't hesitate to ask Wrangler (jreznik).

[1] https://fedoraproject.org/wiki/Releases/21/Schedule
Comment 4 Jaroslav Reznik 2014-10-13 16:04:30 UTC 
Dhiru, any news on this change? The deadline is tomorrow. See message above. Also documentation guys are looking for more RN review.
Comment 5 Dhiru Kholia 2014-10-20 15:13:11 UTC 
Around 70 FTBFS bugs are still pending. Otherwise, things are looking good.
Comment 6 Jaroslav Reznik 2014-10-29 11:42:53 UTC 
Moving to ON_QA based on comment #5.
Comment 7 Pete Travis 2015-04-11 18:08:29 UTC 
I think this is all done, so I'm clearing the needinfo flag to keep our bz queues more clean.  If you disagree, take action :)
Note You need to log in before you can comment on or make changes to this bug.